Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/ansible@2.7.17
Typepypi
Namespace
Nameansible
Version2.7.17
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.10.1rc2
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-3jxq-kxnz-6bfh
vulnerability_id VCID-3jxq-kxnz-6bfh
summary A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20228
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.47749
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20228
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1925002
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1925002
2
reference_url https://github.com/advisories/GHSA-5rrg-rr89-x9mv
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5rrg-rr89-x9mv
3
reference_url https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/49ebd509df9de1c1fc1bcee00e79a835dd00662c
4
reference_url https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/e41d1f0a3fd6c466192e7e24accd3d1c6501111b
5
reference_url https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/f8ff395d817c3eddc050f809919c15dfb5796120
6
reference_url https://github.com/ansible/ansible/pull/73487
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73487
7
reference_url https://github.com/ansible/ansible/pull/73492
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73492
8
reference_url https://github.com/ansible/ansible/pull/73493
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73493
9
reference_url https://github.com/ansible/ansible/pull/73494
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/73494
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-1.yaml
11
reference_url https://www.debian.org/security/2021/dsa-4950
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4950
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20228
reference_id CVE-2021-20228
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-20228
fixed_packages
0
url pkg:pypi/ansible@2.8.19rc1
purl pkg:pypi/ansible@2.8.19rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-95kg-bk3s-g7gx
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-qtt6-8kf8-1fbt
8
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19rc1
1
url pkg:pypi/ansible@2.9.18rc1
purl pkg:pypi/ansible@2.9.18rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-b8cv-v25q-1kh3
3
vulnerability VCID-enwa-2cfn-5uab
4
vulnerability VCID-kgjy-7kdy-c3cg
5
vulnerability VCID-m87b-eb5y-8ydf
6
vulnerability VCID-qtt6-8kf8-1fbt
7
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18rc1
2
url pkg:pypi/ansible@2.9.19
purl pkg:pypi/ansible@2.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b8cv-v25q-1kh3
1
vulnerability VCID-enwa-2cfn-5uab
2
vulnerability VCID-kgjy-7kdy-c3cg
3
vulnerability VCID-m87b-eb5y-8ydf
4
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.19
3
url pkg:pypi/ansible@2.10.6rc1
purl pkg:pypi/ansible@2.10.6rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.6rc1
aliases CVE-2021-20228, GHSA-5rrg-rr89-x9mv, PYSEC-2021-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3jxq-kxnz-6bfh
1
url VCID-5mcc-gtrr-j3e4
vulnerability_id VCID-5mcc-gtrr-j3e4
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20178
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.0848
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20178
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1914774
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1914774
2
reference_url https://github.com/advisories/GHSA-wv5p-gmmv-wh9v
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-wv5p-gmmv-wh9v
3
reference_url https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,
reference_id
reference_type
scores
url https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,
4
reference_url https://github.com/ansible-collections/community.general/pull/1635,
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.general/pull/1635,
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/
7
reference_url https://security.archlinux.org/ASA-202102-9
reference_id ASA-202102-9
reference_type
scores
url https://security.archlinux.org/ASA-202102-9
8
reference_url https://security.archlinux.org/AVG-1437
reference_id AVG-1437
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1437
fixed_packages
0
url pkg:pypi/ansible@2.9.18
purl pkg:pypi/ansible@2.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-b8cv-v25q-1kh3
2
vulnerability VCID-enwa-2cfn-5uab
3
vulnerability VCID-kgjy-7kdy-c3cg
4
vulnerability VCID-m87b-eb5y-8ydf
5
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18
aliases CVE-2021-20178, GHSA-wv5p-gmmv-wh9v, PYSEC-2021-106
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5mcc-gtrr-j3e4
2
url VCID-6hdk-ywcn-4qe4
vulnerability_id VCID-6hdk-ywcn-4qe4
summary A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1753
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16115
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1753
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753
2
reference_url https://github.com/advisories/GHSA-86hp-cj9j-33vv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-86hp-cj9j-33vv
3
reference_url https://github.com/ansible-collections/kubernetes/pull/51
reference_id
reference_type
scores
url https://github.com/ansible-collections/kubernetes/pull/51
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.18
purl pkg:pypi/ansible@2.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-95kg-bk3s-g7gx
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-gnq4-v5a7-m3ew
6
vulnerability VCID-kgjy-7kdy-c3cg
7
vulnerability VCID-m87b-eb5y-8ydf
8
vulnerability VCID-nx86-xnct-afbs
9
vulnerability VCID-qtt6-8kf8-1fbt
10
vulnerability VCID-uvca-5e2n-pqew
11
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.18
1
url pkg:pypi/ansible@2.8.11
purl pkg:pypi/ansible@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-kgjy-7kdy-c3cg
7
vulnerability VCID-m87b-eb5y-8ydf
8
vulnerability VCID-nx86-xnct-afbs
9
vulnerability VCID-qtt6-8kf8-1fbt
10
vulnerability VCID-tfhg-gzz2-7qc5
11
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11
2
url pkg:pypi/ansible@2.9.7
purl pkg:pypi/ansible@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-nx86-xnct-afbs
8
vulnerability VCID-qtt6-8kf8-1fbt
9
vulnerability VCID-tfhg-gzz2-7qc5
10
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7
aliases CVE-2020-1753, GHSA-86hp-cj9j-33vv, PYSEC-2020-210
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hdk-ywcn-4qe4
3
url VCID-95kg-bk3s-g7gx
vulnerability_id VCID-95kg-bk3s-g7gx
summary A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10729
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20041
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10729
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1831089
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1831089
2
reference_url https://github.com/advisories/GHSA-r6h7-5pq2-j77h
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-r6h7-5pq2-j77h
3
reference_url https://github.com/ansible/ansible/issues/34144
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/34144
fixed_packages
0
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-10729, GHSA-r6h7-5pq2-j77h, PYSEC-2021-105
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95kg-bk3s-g7gx
4
url VCID-b8cv-v25q-1kh3
vulnerability_id VCID-b8cv-v25q-1kh3
summary An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14330
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44392
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14330
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330
2
reference_url https://github.com/advisories/GHSA-785x-qw4v-6872
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-785x-qw4v-6872
3
reference_url https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
4
reference_url https://github.com/ansible/ansible/issues/68400
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/68400
5
reference_url https://github.com/ansible/ansible/pull/69653
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/69653
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-3.yaml
7
reference_url https://www.debian.org/security/2021/dsa-4950
reference_id
reference_type
scores
url https://www.debian.org/security/2021/dsa-4950
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14330
reference_id CVE-2020-14330
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-14330
fixed_packages
0
url pkg:pypi/ansible@2.10.0
purl pkg:pypi/ansible@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hyr1-b223-bkef
1
vulnerability VCID-kgjy-7kdy-c3cg
2
vulnerability VCID-m87b-eb5y-8ydf
3
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0
aliases CVE-2020-14330, GHSA-785x-qw4v-6872, PYSEC-2020-3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8cv-v25q-1kh3
5
url VCID-enwa-2cfn-5uab
vulnerability_id VCID-enwa-2cfn-5uab
summary arbitrary command execution
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3583
reference_id
reference_type
scores
0
value 0.00276
scoring_system epss
scoring_elements 0.51217
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3583
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1968412
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1968412
2
reference_url https://github.com/advisories/GHSA-2pfh-q76x-gwvm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2pfh-q76x-gwvm
3
reference_url https://security.archlinux.org/AVG-2260
reference_id AVG-2260
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2260
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3583
reference_id CVE-2021-3583
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3583
fixed_packages
0
url pkg:pypi/ansible@2.9.23
purl pkg:pypi/ansible@2.9.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b8cv-v25q-1kh3
1
vulnerability VCID-kgjy-7kdy-c3cg
2
vulnerability VCID-m87b-eb5y-8ydf
3
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.23
aliases CVE-2021-3583, GHSA-2pfh-q76x-gwvm, PYSEC-2021-358
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enwa-2cfn-5uab
6
url VCID-gnq4-v5a7-m3ew
vulnerability_id VCID-gnq4-v5a7-m3ew
summary A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:3201
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3201
3
reference_url https://access.redhat.com/errata/RHSA-2019:3202
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3202
4
reference_url https://access.redhat.com/errata/RHSA-2019:3203
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3203
5
reference_url https://access.redhat.com/errata/RHSA-2019:3207
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3207
6
reference_url https://access.redhat.com/errata/RHSA-2020:0756
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0756
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14858
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.1264
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14858
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14858
fixed_packages
0
url pkg:pypi/ansible@2.8.1
purl pkg:pypi/ansible@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39vn-b7y4-v3ez
1
vulnerability VCID-3jxq-kxnz-6bfh
2
vulnerability VCID-4331-d5yy-uybc
3
vulnerability VCID-4tfv-snmv-bbax
4
vulnerability VCID-52zf-mjec-f3d5
5
vulnerability VCID-5mcc-gtrr-j3e4
6
vulnerability VCID-6hdk-ywcn-4qe4
7
vulnerability VCID-6smx-ju23-8qes
8
vulnerability VCID-7d8z-g99x-7qh2
9
vulnerability VCID-95kg-bk3s-g7gx
10
vulnerability VCID-aq21-sp74-17gk
11
vulnerability VCID-axds-bd49-fbdj
12
vulnerability VCID-b423-t4kx-eqbq
13
vulnerability VCID-b8cv-v25q-1kh3
14
vulnerability VCID-brft-snn6-guc8
15
vulnerability VCID-bvsa-kz7r-zyea
16
vulnerability VCID-enwa-2cfn-5uab
17
vulnerability VCID-hyr1-b223-bkef
18
vulnerability VCID-kgjy-7kdy-c3cg
19
vulnerability VCID-m87b-eb5y-8ydf
20
vulnerability VCID-mk3k-n9wn-q3ct
21
vulnerability VCID-n2b8-e8fa-2ue1
22
vulnerability VCID-nx86-xnct-afbs
23
vulnerability VCID-qtt6-8kf8-1fbt
24
vulnerability VCID-rarq-tdjt-hff3
25
vulnerability VCID-rnub-zmb6-5yhw
26
vulnerability VCID-tfhg-gzz2-7qc5
27
vulnerability VCID-uvca-5e2n-pqew
28
vulnerability VCID-xn7b-vz2e-6qdh
29
vulnerability VCID-xpfd-zdry-euh5
30
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1
aliases CVE-2019-14858, PYSEC-2019-171
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnq4-v5a7-m3ew
7
url VCID-kgjy-7kdy-c3cg
vulnerability_id VCID-kgjy-7kdy-c3cg
summary information disclosure
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1956477
1
reference_url https://security.archlinux.org/AVG-2056
reference_id AVG-2056
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2056
fixed_packages
0
url pkg:pypi/ansible@3.0.0
purl pkg:pypi/ansible@3.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@3.0.0
aliases CVE-2021-3533, PYSEC-2021-126
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgjy-7kdy-c3cg
8
url VCID-m87b-eb5y-8ydf
vulnerability_id VCID-m87b-eb5y-8ydf
summary A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25635
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.236
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25635
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25635
2
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
3
reference_url https://github.com/ansible-collections/community.aws/issues/222
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/issues/222
4
reference_url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
reference_id
reference_type
scores
url https://github.com/ansible-collections/community.aws/pull/237#issuecomment-1468591094
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-220.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
reference_id CVE-2020-25635
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-25635
7
reference_url https://github.com/advisories/GHSA-f556-49jc-4rvc
reference_id GHSA-f556-49jc-4rvc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f556-49jc-4rvc
fixed_packages
0
url pkg:pypi/ansible@2.10.1
purl pkg:pypi/ansible@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kgjy-7kdy-c3cg
1
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.1
aliases CVE-2020-25635, GHSA-f556-49jc-4rvc, PYSEC-2020-220
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m87b-eb5y-8ydf
9
url VCID-nx86-xnct-afbs
vulnerability_id VCID-nx86-xnct-afbs
summary An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10744
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11851
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10744
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744
2
reference_url https://github.com/advisories/GHSA-vp9j-rghq-8jhh
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vp9j-rghq-8jhh
3
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
4
reference_url https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
5
reference_url https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f
6
reference_url https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/ffd3757fc35468a97791e452e7f2d14c3e3fcb80
7
reference_url https://github.com/ansible/ansible/issues/69782
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/69782
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-208.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10744
reference_id CVE-2020-10744
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-10744
fixed_packages
0
url pkg:pypi/ansible@2.8.0a1
purl pkg:pypi/ansible@2.8.0a1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-49gh-wgmc-mfew
2
vulnerability VCID-5mcc-gtrr-j3e4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-aq21-sp74-17gk
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-gnq4-v5a7-m3ew
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-mk3k-n9wn-q3ct
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-rarq-tdjt-hff3
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xn7b-vz2e-6qdh
15
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.0a1
1
url pkg:pypi/ansible@2.8.13
purl pkg:pypi/ansible@2.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-kgjy-7kdy-c3cg
7
vulnerability VCID-m87b-eb5y-8ydf
8
vulnerability VCID-qtt6-8kf8-1fbt
9
vulnerability VCID-tfhg-gzz2-7qc5
10
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13
2
url pkg:pypi/ansible@2.9.10
purl pkg:pypi/ansible@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-qtt6-8kf8-1fbt
8
vulnerability VCID-tfhg-gzz2-7qc5
9
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.10
3
url pkg:pypi/ansible@2.9.12
purl pkg:pypi/ansible@2.9.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-qtt6-8kf8-1fbt
8
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.12
4
url pkg:pypi/ansible@2.10.0rc1
purl pkg:pypi/ansible@2.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b8cv-v25q-1kh3
1
vulnerability VCID-kgjy-7kdy-c3cg
2
vulnerability VCID-m87b-eb5y-8ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1
aliases CVE-2020-10744, GHSA-vp9j-rghq-8jhh, PYSEC-2020-208
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nx86-xnct-afbs
10
url VCID-qtt6-8kf8-1fbt
vulnerability_id VCID-qtt6-8kf8-1fbt
summary information disclosure
references
0
reference_url https://access.redhat.com/errata/RHSA-2021:3871
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3871
1
reference_url https://access.redhat.com/errata/RHSA-2021:3872
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3872
2
reference_url https://access.redhat.com/errata/RHSA-2021:3874
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3874
3
reference_url https://access.redhat.com/errata/RHSA-2021:4703
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4703
4
reference_url https://access.redhat.com/errata/RHSA-2021:4750
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4750
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3620
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.52692
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3620
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1975767
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1975767
7
reference_url https://github.com/advisories/GHSA-4r65-35qq-ch8j
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4r65-35qq-ch8j
8
reference_url https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
reference_id
reference_type
scores
url https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes
9
reference_url https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml
11
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
12
reference_url https://security.archlinux.org/AVG-1941
reference_id AVG-1941
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1941
13
reference_url https://access.redhat.com/security/cve/CVE-2021-3620
reference_id CVE-2021-3620
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2021-3620
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3620
reference_id CVE-2021-3620
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3620
fixed_packages
0
url pkg:pypi/ansible@2.9.27
purl pkg:pypi/ansible@2.9.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b8cv-v25q-1kh3
1
vulnerability VCID-kgjy-7kdy-c3cg
2
vulnerability VCID-m87b-eb5y-8ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.27
aliases CVE-2021-3620, GHSA-4r65-35qq-ch8j, PYSEC-2022-164
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt6-8kf8-1fbt
11
url VCID-uvca-5e2n-pqew
vulnerability_id VCID-uvca-5e2n-pqew
summary information disclosure
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20191
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.07158
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20191
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1916813
2
reference_url https://github.com/advisories/GHSA-8f4m-hccc-8qph
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8f4m-hccc-8qph
3
reference_url https://security.archlinux.org/ASA-202102-9
reference_id ASA-202102-9
reference_type
scores
url https://security.archlinux.org/ASA-202102-9
4
reference_url https://security.archlinux.org/AVG-1437
reference_id AVG-1437
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1437
fixed_packages
0
url pkg:pypi/ansible@2.8.19
purl pkg:pypi/ansible@2.8.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-95kg-bk3s-g7gx
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.19
1
url pkg:pypi/ansible@2.9.18
purl pkg:pypi/ansible@2.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-b8cv-v25q-1kh3
2
vulnerability VCID-enwa-2cfn-5uab
3
vulnerability VCID-kgjy-7kdy-c3cg
4
vulnerability VCID-m87b-eb5y-8ydf
5
vulnerability VCID-qtt6-8kf8-1fbt
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.18
2
url pkg:pypi/ansible@2.10.7
purl pkg:pypi/ansible@2.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kgjy-7kdy-c3cg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.7
aliases CVE-2021-20191, GHSA-8f4m-hccc-8qph, PYSEC-2021-124
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvca-5e2n-pqew
12
url VCID-zcmk-4k97-kkd9
vulnerability_id VCID-zcmk-4k97-kkd9
summary Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html
3
reference_url https://access.redhat.com/errata/RHSA-2018:3770
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3770
4
reference_url https://access.redhat.com/errata/RHSA-2018:3771
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3771
5
reference_url https://access.redhat.com/errata/RHSA-2018:3772
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3772
6
reference_url https://access.redhat.com/errata/RHSA-2018:3773
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:3773
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16859
reference_id
reference_type
scores
0
value 0.00091
scoring_system epss
scoring_elements 0.25744
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16859
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16859
10
reference_url https://cwe.mitre.org/data/definitions/200.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/200.html
11
reference_url https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/8c1f701e6e9df29fe991f98265e2dd76acca4b8c
12
reference_url https://github.com/ansible/ansible/pull/49142
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/49142
13
reference_url http://www.securityfocus.com/bid/106004
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106004
fixed_packages
0
url pkg:pypi/ansible@2.8.1
purl pkg:pypi/ansible@2.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39vn-b7y4-v3ez
1
vulnerability VCID-3jxq-kxnz-6bfh
2
vulnerability VCID-4331-d5yy-uybc
3
vulnerability VCID-4tfv-snmv-bbax
4
vulnerability VCID-52zf-mjec-f3d5
5
vulnerability VCID-5mcc-gtrr-j3e4
6
vulnerability VCID-6hdk-ywcn-4qe4
7
vulnerability VCID-6smx-ju23-8qes
8
vulnerability VCID-7d8z-g99x-7qh2
9
vulnerability VCID-95kg-bk3s-g7gx
10
vulnerability VCID-aq21-sp74-17gk
11
vulnerability VCID-axds-bd49-fbdj
12
vulnerability VCID-b423-t4kx-eqbq
13
vulnerability VCID-b8cv-v25q-1kh3
14
vulnerability VCID-brft-snn6-guc8
15
vulnerability VCID-bvsa-kz7r-zyea
16
vulnerability VCID-enwa-2cfn-5uab
17
vulnerability VCID-hyr1-b223-bkef
18
vulnerability VCID-kgjy-7kdy-c3cg
19
vulnerability VCID-m87b-eb5y-8ydf
20
vulnerability VCID-mk3k-n9wn-q3ct
21
vulnerability VCID-n2b8-e8fa-2ue1
22
vulnerability VCID-nx86-xnct-afbs
23
vulnerability VCID-qtt6-8kf8-1fbt
24
vulnerability VCID-rarq-tdjt-hff3
25
vulnerability VCID-rnub-zmb6-5yhw
26
vulnerability VCID-tfhg-gzz2-7qc5
27
vulnerability VCID-uvca-5e2n-pqew
28
vulnerability VCID-xn7b-vz2e-6qdh
29
vulnerability VCID-xpfd-zdry-euh5
30
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.1
aliases CVE-2018-16859, PYSEC-2018-60
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zcmk-4k97-kkd9
Fixing_vulnerabilities
0
url VCID-4331-d5yy-uybc
vulnerability_id VCID-4331-d5yy-uybc
summary A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1733
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08127
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1733
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733
2
reference_url https://github.com/advisories/GHSA-g4mq-6fp5-qwcf
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-g4mq-6fp5-qwcf
3
reference_url https://github.com/ansible/ansible/issues/67791
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67791
4
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
8
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.8
purl pkg:pypi/ansible@2.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b423-t4kx-eqbq
6
vulnerability VCID-b8cv-v25q-1kh3
7
vulnerability VCID-brft-snn6-guc8
8
vulnerability VCID-bvsa-kz7r-zyea
9
vulnerability VCID-enwa-2cfn-5uab
10
vulnerability VCID-hyr1-b223-bkef
11
vulnerability VCID-kgjy-7kdy-c3cg
12
vulnerability VCID-m87b-eb5y-8ydf
13
vulnerability VCID-n2b8-e8fa-2ue1
14
vulnerability VCID-nx86-xnct-afbs
15
vulnerability VCID-qtt6-8kf8-1fbt
16
vulnerability VCID-rarq-tdjt-hff3
17
vulnerability VCID-rnub-zmb6-5yhw
18
vulnerability VCID-tfhg-gzz2-7qc5
19
vulnerability VCID-uvca-5e2n-pqew
20
vulnerability VCID-xpfd-zdry-euh5
21
vulnerability VCID-zjct-yufk-jkdg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.8
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1733, GHSA-g4mq-6fp5-qwcf, PYSEC-2020-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4331-d5yy-uybc
1
url VCID-6swz-79ue-bbef
vulnerability_id VCID-6swz-79ue-bbef
summary A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0547
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2020:0547
1
reference_url https://access.redhat.com/errata/RHBA-2020:1539
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2020:1539
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1734
reference_id
reference_type
scores
0
value 0.00083
scoring_system epss
scoring_elements 0.24234
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1734
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1801804
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1801804
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734
5
reference_url https://github.com/advisories/GHSA-h39q-95q5-9jfp
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h39q-95q5-9jfp
6
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
7
reference_url https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/4f978af4ca16ad9828ffe42203b9615425195f8b
8
reference_url https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/963bdd9983b91a48fb6949fb2ef41071e72d0be0
9
reference_url https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/bff0724e9eab2770f874e018298f9ab74cc2a78f
10
reference_url https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0
reference_id
reference_type
scores
url https://github.com/ansible/ansible/commit/e5649ca3e807f17e7c034ee22791f107162973b0
11
reference_url https://github.com/ansible/ansible/issues/67792
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67792
12
reference_url https://github.com/ansible/ansible/issues/70159
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/70159
13
reference_url https://github.com/ansible/ansible/pull/70596
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/70596
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-6.yaml
15
reference_url https://access.redhat.com/security/cve/CVE-2020-1734
reference_id CVE-2020-1734
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2020-1734
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1734
reference_id CVE-2020-1734
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1734
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.13
purl pkg:pypi/ansible@2.8.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-kgjy-7kdy-c3cg
7
vulnerability VCID-m87b-eb5y-8ydf
8
vulnerability VCID-qtt6-8kf8-1fbt
9
vulnerability VCID-tfhg-gzz2-7qc5
10
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.13
2
url pkg:pypi/ansible@2.9.11
purl pkg:pypi/ansible@2.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-qtt6-8kf8-1fbt
8
vulnerability VCID-tfhg-gzz2-7qc5
9
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.11
3
url pkg:pypi/ansible@2.10.0rc1
purl pkg:pypi/ansible@2.10.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b8cv-v25q-1kh3
1
vulnerability VCID-kgjy-7kdy-c3cg
2
vulnerability VCID-m87b-eb5y-8ydf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.10.0rc1
aliases CVE-2020-1734, GHSA-h39q-95q5-9jfp, PYSEC-2020-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6swz-79ue-bbef
2
url VCID-b423-t4kx-eqbq
vulnerability_id VCID-b423-t4kx-eqbq
summary A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1735
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33455
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1735
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735
2
reference_url https://github.com/advisories/GHSA-gfr2-qpxh-qj9m
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gfr2-qpxh-qj9m
3
reference_url https://github.com/ansible/ansible/issues/67793
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67793
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1735, GHSA-gfr2-qpxh-qj9m, PYSEC-2020-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b423-t4kx-eqbq
3
url VCID-brft-snn6-guc8
vulnerability_id VCID-brft-snn6-guc8
summary A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1737
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.35898
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1737
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737
2
reference_url https://github.com/advisories/GHSA-893h-35v4-mxqx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-893h-35v4-mxqx
3
reference_url https://github.com/ansible/ansible/issues/67795
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67795
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
7
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1737, GHSA-893h-35v4-mxqx, PYSEC-2020-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brft-snn6-guc8
4
url VCID-bvsa-kz7r-zyea
vulnerability_id VCID-bvsa-kz7r-zyea
summary A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1746
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30138
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1746
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746
2
reference_url https://github.com/advisories/GHSA-j2h6-73x8-22c4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-j2h6-73x8-22c4
3
reference_url https://github.com/ansible/ansible/pull/67866
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/67866
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.11
purl pkg:pypi/ansible@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-kgjy-7kdy-c3cg
7
vulnerability VCID-m87b-eb5y-8ydf
8
vulnerability VCID-nx86-xnct-afbs
9
vulnerability VCID-qtt6-8kf8-1fbt
10
vulnerability VCID-tfhg-gzz2-7qc5
11
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11
2
url pkg:pypi/ansible@2.9.7
purl pkg:pypi/ansible@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-nx86-xnct-afbs
8
vulnerability VCID-qtt6-8kf8-1fbt
9
vulnerability VCID-tfhg-gzz2-7qc5
10
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7
aliases CVE-2020-1746, GHSA-j2h6-73x8-22c4, PYSEC-2020-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvsa-kz7r-zyea
5
url VCID-hyr1-b223-bkef
vulnerability_id VCID-hyr1-b223-bkef
summary A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1736
reference_id
reference_type
scores
0
value 0.00059
scoring_system epss
scoring_elements 0.18673
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1736
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736
2
reference_url https://github.com/advisories/GHSA-x7jh-595q-wq82
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7jh-595q-wq82
3
reference_url https://github.com/ansible/ansible
reference_id
reference_type
scores
url https://github.com/ansible/ansible
4
reference_url https://github.com/ansible/ansible/issues/67794
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67794
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-8.yaml
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/
10
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
reference_id CVE-2020-1736
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1736
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1736, GHSA-x7jh-595q-wq82, PYSEC-2020-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyr1-b223-bkef
6
url VCID-n2b8-e8fa-2ue1
vulnerability_id VCID-n2b8-e8fa-2ue1
summary A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1740
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.34646
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1740
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740
2
reference_url https://github.com/advisories/GHSA-vcg8-98q8-g7mj
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-vcg8-98q8-g7mj
3
reference_url https://github.com/ansible/ansible/issues/67798
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67798
4
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
8
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1740, GHSA-vcg8-98q8-g7mj, PYSEC-2020-12
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2b8-e8fa-2ue1
7
url VCID-rarq-tdjt-hff3
vulnerability_id VCID-rarq-tdjt-hff3
summary A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1738
reference_id
reference_type
scores
0
value 0.00215
scoring_system epss
scoring_elements 0.44079
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1738
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738
2
reference_url https://github.com/advisories/GHSA-f85h-23mf-2fwh
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f85h-23mf-2fwh
3
reference_url https://github.com/ansible/ansible/issues/67796
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67796
4
reference_url https://github.com/ansible/ansible/pull/67808
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/67808
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-10.yaml
6
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1738
reference_id CVE-2020-1738
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-1738
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1738, GHSA-f85h-23mf-2fwh, PYSEC-2020-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rarq-tdjt-hff3
8
url VCID-rnub-zmb6-5yhw
vulnerability_id VCID-rnub-zmb6-5yhw
summary A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1739
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.1474
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1739
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739
2
reference_url https://github.com/advisories/GHSA-923p-fr2c-g5m2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-923p-fr2c-g5m2
3
reference_url https://github.com/ansible/ansible/issues/67797
reference_id
reference_type
scores
url https://github.com/ansible/ansible/issues/67797
4
reference_url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-1739, GHSA-923p-fr2c-g5m2, PYSEC-2020-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rnub-zmb6-5yhw
9
url VCID-xpfd-zdry-euh5
vulnerability_id VCID-xpfd-zdry-euh5
summary A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10685
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.42611
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10685
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685
2
reference_url https://github.com/advisories/GHSA-77g3-3j5w-64w4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-77g3-3j5w-64w4
3
reference_url https://github.com/ansible/ansible/pull/68433
reference_id
reference_type
scores
url https://github.com/ansible/ansible/pull/68433
4
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.11
purl pkg:pypi/ansible@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-kgjy-7kdy-c3cg
7
vulnerability VCID-m87b-eb5y-8ydf
8
vulnerability VCID-nx86-xnct-afbs
9
vulnerability VCID-qtt6-8kf8-1fbt
10
vulnerability VCID-tfhg-gzz2-7qc5
11
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.11
2
url pkg:pypi/ansible@2.9.7
purl pkg:pypi/ansible@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-7d8z-g99x-7qh2
3
vulnerability VCID-b8cv-v25q-1kh3
4
vulnerability VCID-enwa-2cfn-5uab
5
vulnerability VCID-kgjy-7kdy-c3cg
6
vulnerability VCID-m87b-eb5y-8ydf
7
vulnerability VCID-nx86-xnct-afbs
8
vulnerability VCID-qtt6-8kf8-1fbt
9
vulnerability VCID-tfhg-gzz2-7qc5
10
vulnerability VCID-uvca-5e2n-pqew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.7
aliases CVE-2020-10685, GHSA-77g3-3j5w-64w4, PYSEC-2020-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xpfd-zdry-euh5
10
url VCID-zjct-yufk-jkdg
vulnerability_id VCID-zjct-yufk-jkdg
summary A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10684
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08821
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10684
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684
2
reference_url https://github.com/advisories/GHSA-p62g-jhg6-v3rq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-p62g-jhg6-v3rq
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/
6
reference_url https://security.gentoo.org/glsa/202006-11
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202006-11
fixed_packages
0
url pkg:pypi/ansible@2.7.17
purl pkg:pypi/ansible@2.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-95kg-bk3s-g7gx
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-enwa-2cfn-5uab
6
vulnerability VCID-gnq4-v5a7-m3ew
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-uvca-5e2n-pqew
12
vulnerability VCID-zcmk-4k97-kkd9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17
1
url pkg:pypi/ansible@2.8.9
purl pkg:pypi/ansible@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-95kg-bk3s-g7gx
5
vulnerability VCID-b8cv-v25q-1kh3
6
vulnerability VCID-bvsa-kz7r-zyea
7
vulnerability VCID-enwa-2cfn-5uab
8
vulnerability VCID-kgjy-7kdy-c3cg
9
vulnerability VCID-m87b-eb5y-8ydf
10
vulnerability VCID-nx86-xnct-afbs
11
vulnerability VCID-qtt6-8kf8-1fbt
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.8.9
2
url pkg:pypi/ansible@2.9.6
purl pkg:pypi/ansible@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3jxq-kxnz-6bfh
1
vulnerability VCID-5mcc-gtrr-j3e4
2
vulnerability VCID-6hdk-ywcn-4qe4
3
vulnerability VCID-7d8z-g99x-7qh2
4
vulnerability VCID-b8cv-v25q-1kh3
5
vulnerability VCID-bvsa-kz7r-zyea
6
vulnerability VCID-enwa-2cfn-5uab
7
vulnerability VCID-kgjy-7kdy-c3cg
8
vulnerability VCID-m87b-eb5y-8ydf
9
vulnerability VCID-nx86-xnct-afbs
10
vulnerability VCID-qtt6-8kf8-1fbt
11
vulnerability VCID-rarq-tdjt-hff3
12
vulnerability VCID-tfhg-gzz2-7qc5
13
vulnerability VCID-uvca-5e2n-pqew
14
vulnerability VCID-xpfd-zdry-euh5
15
vulnerability VCID-ydka-2etb-hue9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.9.6
aliases CVE-2020-10684, GHSA-p62g-jhg6-v3rq, PYSEC-2020-207
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zjct-yufk-jkdg
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/ansible@2.7.17